In the past they were pretty much associated with downloaded executables, and I didn't mind deleting them, since they were usually older archived versions; but I wasn't about to delete any DLLs without rechecking. A Webroot rescan picked up the same files. I then scanned the directory with Emsisoft's malware detector, and it found nothing.
I'm becoming concerned about these false positives. Are others finding this happening repeatedly?
----------------------------------------------------------------------------------------------------------------------------------------
[b] c:\windows\system32\xvid.dll [MD5: 4581AC2AAD750548AC6B4AA6A06D1926] [Flags: 00080000.11333] [Threat: W32.Malware.Gen]
[b] c:\windows\system32\xvidcore.dll [MD5: 06E70FF8D74F243C32BC38E00837E193] [Flags: 00080000.11335] [Threat: W32.Malware.Gen]
Best answer by Rakanisheu Retired
Thanks for the feedback, I have fixed those false positives and they should no longer be detected. With any AV software there will be some false positives, but we generally have a very low number of FPs considering the large volume of malware that we detect every day.
Webroot will not remove any critical Windows files that are needed for it to boot, but there is no harm in submitting a troubleshooting ticket so we can take a look at any detection if you are ever concerned. The detection name (W32.Malware.Gen) is a generic malware group name that is used by the industry.
Thanks,
Roy
Threat Research